Comments (3)
Dear isaacg123, we have had a look into your issue, it is fixed in our new version 4 coming soon - hopefully this evening ;-) Please also check new version of IIS Crypto 3.2. Kind regards!
from audit-test-automation.
Check it out here: https://github.com/fbprogmbh/Audit-Test-Automation/releases/tag/v4.0
from audit-test-automation.
Please update "Microsoft IIS10.ps1" The 7.11 check is still looking for 1 rather then 0xffffffff
Looks like both are fine, but most of the tools are checking for a later option
Also found those explanations online:
- Technically speaking, any non-zero value would match to "Enabled".
- Unsigned 0xffffffff (hex) = -1 (decimal so it really isn't different, end result is "enabled"
Code, as it stands today:
# 7.11
function Test-IISAES256Enabled {
<#
.Synopsis
Ensure AES 256/256 Cipher Suite is enabled
.Description
AES 256/256 is the most recent and mature cipher suite for protecting the confidentiality and integrity of HTTP traffic. Enabling AES 256/256 is recommended. This is enabled by default on Server 2012 and 2012 R2.
#>
$message = "AES 256/256 Cipher is disabled"
$audit = "False"
$path = "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256\"
if (Test-Path $path) {
$Key = Get-Item $path
if ($null -ne $Key.GetValue("Enabled", $null)) {
$value = Get-ItemProperty $path | Select-Object -ExpandProperty "Enabled"
if ($value -eq 1) {
$message = $MESSAGE_ALLGOOD
$audit = "True"
}
}
}
from audit-test-automation.
Related Issues (20)
- Update Server 2022 AuditGroups to CIS 3.0.0 HOT 1
- Update Server 2016 AuditGroups to CIS 3.0.0 HOT 1
- Registry Permissions in DISA Benchmarks
- Deleting Registry Permissions out of DISA DC Benchmarks for Windows Servers and create something new
- Issue with AuditTAP When Changing PowerShell Security Rule to ConstrainedLanguage HOT 1
- SBD-011 > local administrator enumeration shows local users as part of domain
- Enrich information SBD-011: Get amount of users and groups in administrators group on system. (0 - 2: True; 3 - 5: Warning; 6 or higher: False)
- Add documentation for weird MS implementation concerning MaximumPasswordAge
- Add Apache Tomcat Hardening
- Decrease IIS CIS Version to 1.1.0
- Readme.md redesign
- Enhance Windows 10 AuditGroups with missing Rules
- Enhance Windows 11 AuditGroups with missing Rules
- Enhance Windows Server 2019 AuditGroups with missing Rule
- Enhance Windows Server 2022 AuditGroups with missing Rule
- Enhance Windows Server 2016 AuditGroups with missing Rules
- Enhance Windows Server 2012 AuditGroups with missing Rules
- Error message appears when running IIS10-Report when IISAdministration-Module not available
- Update Server 2012R2 audit groups to CIS 3.0.0
- Report generation freezes for Audit RHEL 8 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from audit-test-automation.